September 26, 2016

CrySyS Releases Duqu Detector

(LiveHacking.Com) – The lab that took part in the discovery of the Duqu trojan has developed a detector toolkit that can find Duqu infections on a single computer or across a whole network. The toolkit, released by the Laboratory of Cryptography and System Security (CrySyS), uses signature-based and heuristic methods to find traces of Duqu infections even when parts of the malware have already been removed from a PC.

The toolkit searches for a range of Duqu-related suspicious files and known indicators to detect the current or past presence of the trojan. However, as with any anomaly-based detection tool, it can generate false positives.

Trained security personnel are therefore needed to review the log files the tool produces and decide on further steps.

The toolkit, including its source code, can be downloaded from the CrySyS website.

NSS Labs recently released a Duqu detector of its own. It is a Python script that pattern-matches against the files in the system's drivers directory. The BSD-licensed script is available from the NSS Labs GitHub repository.
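To make the signature-versus-heuristic distinction behind both tools concrete, here is an added example in Python; it is not CrySyS or NSS Labs code. Every file name, hash and byte pattern in it is a constructed placeholder and not a real Duqu indicator. It shows how hash, byte-pattern and file-name checks are combined over a copy of a drivers directory, and why the resulting log flags heuristic hits as candidates for analyst review rather than confirmed infections.

```python
"""Indicator scanner sketch. Added example; not CrySyS or NSS Labs code.
All indicators below are constructed placeholders, not real Duqu IoCs."""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass

# --- Constructed indicators (hypothetical, NOT real Duqu IoCs) --------------
# File names the scanner treats as suspicious inside a driver directory.
SUSPICIOUS_NAMES = {"example_drv.sys", "example_cfg.pnf"}

# Exact-hash signature of a constructed sample: precise, but any byte change
# in a variant defeats it.
SAMPLE_BODY = b"MZ" + b"\x00" * 62 + b"CONSTRUCTED SAMPLE EXAMPLE_MARKER_0042"
KNOWN_BAD_SHA256 = {hashlib.sha256(SAMPLE_BODY).hexdigest()}

# Byte-pattern signature: still fires on variants whose hash differs, at the
# cost of a higher false-positive risk than an exact hash.
BYTE_PATTERNS = [("constructed-marker", re.compile(rb"EXAMPLE_MARKER_[0-9]{4}"))]

# Heuristic: a *.sys file that does not start with the PE "MZ" magic is odd.
PE_MAGIC = b"MZ"


@dataclass(frozen=True)
class Finding:
    path: str
    kind: str    # "signature", "heuristic" or "error"
    reason: str


def scan_bytes(path: str, data: bytes) -> list:
    """Run every indicator against one file's content; return all hits."""
    findings = []
    name = os.path.basename(path).lower()

    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_SHA256:
        findings.append(Finding(path, "signature", f"sha256 {digest} is known-bad"))

    for label, pattern in BYTE_PATTERNS:
        m = pattern.search(data)
        if m:
            findings.append(Finding(path, "signature", f"pattern {label} at offset {m.start()}"))

    if name in SUSPICIOUS_NAMES:
        findings.append(Finding(path, "heuristic", f"file name {name} is on the suspicious list"))

    if name.endswith(".sys") and not data.startswith(PE_MAGIC):
        findings.append(Finding(path, "heuristic", "driver file lacks PE 'MZ' magic"))

    return findings


def scan_tree(root: str) -> list:
    """Walk a directory (e.g. a copy of the drivers folder) and scan each file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            p = os.path.join(dirpath, fn)
            try:
                with open(p, "rb") as fh:
                    findings.extend(scan_bytes(p, fh.read()))
            except OSError as exc:
                # Unreadable files are reported, not silently skipped.
                findings.append(Finding(p, "error", f"unreadable: {exc}"))
    return findings


def render_log(findings) -> str:
    """Plain-text log for an analyst; heuristic hits need human confirmation."""
    lines = [f"{f.kind:<9} {f.path}: {f.reason}" for f in findings]
    sig = sum(1 for f in findings if f.kind == "signature")
    heur = sum(1 for f in findings if f.kind == "heuristic")
    lines.append(f"summary: {sig} signature hit(s), {heur} heuristic hit(s); "
                 "heuristic hits may be false positives and need review")
    return "\n".join(lines)


def demo() -> list:
    """Build a constructed drivers folder in a temp dir, scan it, return hits."""
    with tempfile.TemporaryDirectory() as tmp:
        files = {  # constructed sample files
            "example_drv.sys": SAMPLE_BODY,                         # hash + pattern + name
            "variant.sys": SAMPLE_BODY.replace(b"0042", b"0043"),   # pattern only
            "benign.sys": b"MZ" + b"\x90" * 128,                    # no hits
            "odd.sys": b"not a PE file at all",                     # heuristic only
        }
        for fn, body in files.items():
            with open(os.path.join(tmp, fn), "wb") as fh:
                fh.write(body)
        findings = scan_tree(tmp)
        print(render_log(findings))
        return findings


if __name__ == "__main__":
    demo()
```

Running the module scans the constructed folder: the exact sample triggers the hash, the pattern and the name check, its one-byte variant only the pattern, and a non-PE file named like a driver only the heuristic. A real deployment would swap the placeholders for vetted indicators and, as the article stresses, hand the log to an analyst rather than act on heuristic hits automatically.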